﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.IO;

namespace JobSeek.Classes
{
    public class ApplicantMembershipProvider : ParentMembershipProvider
    {
        /// <summary>
        /// Validate applicant upon logging in. 
        /// </summary>
        /// <param name="username">email address of the applicant.</param>
        /// <param name="password">password of the applicant</param>
        /// <returns>true if user is found.</returns>
        public bool ValidateApplicant(string username, string password)
        {
            bool success = false;
            //get salt from the database
            using (job_seekerEntities ctx = new job_seekerEntities())
            {
                Applicant applicant = (from app in ctx.Applicants
                                       where app.email == username
                                       select app).SingleOrDefault<Applicant>();

                if (applicant != null)
                {
                    string salt = applicant.salt;

                    string hashSaltAndPassword = FormsAuthentication.HashPasswordForStoringInConfigFile(salt + password, "SHA1");

                    if (applicant.password == hashSaltAndPassword)
                    {
                        success = true;
                    }
                    else
                    {
                        //lock account if pwd attempt exceeds
                        applicant.pwd_attempts += 1;
                        if (applicant.pwd_attempts == 5)
                        {
                            applicant.account_disabled = 1;
                        }
                        success = false;
                    }

                }
            }

            return success;

        }

        /// <summary>
        /// Reset password if applicant forgets
        /// </summary>
        /// <param name="email">email when they register</param>
        /// <returns>true if the password is successfully reset</returns>
        public bool ResetPasswordForApplicant(string email)
        {
            //send pwd to user.
            //generate a alphanumeric pwd to user and ask them to change on login
            bool success = false;
            string randPassword = GenerateRandPassword();
            string salt = CreateSalt(new Random().Next(1, 100));

            using (job_seekerEntities ctx = new job_seekerEntities())
            {

                Applicant applicant = (from app in ctx.Applicants
                                       where app.email == email
                                       select app).SingleOrDefault<Applicant>();

                if (applicant != null)
                {
                    string hashPwd = CreateHashPassword(randPassword, salt);

                    applicant.password = hashPwd;
                    try
                    {
                        ctx.SaveChanges();
                        success = true;
                    }
                    catch (Exception ex)
                    {
                        //Log Error
                        success = false;
                    }
                    //send email to them telling them that thier password has changed
                }
                if (success)
                {

                    string body1 = new StreamReader(HttpContext.Current.Server.MapPath("~/Email_Template/reset_pwd.htm")).ReadToEnd();
                    string body = "Your password has been reset. Please login with this new password and change it immediately after login.";
                    string subject = "Password Resetted";
                    //might give error if smtp server has error. Catch the exception in SendEmail()
                    SendEmail(body, subject, applicant.email);
                }

            }
            return success;


        }
        //public Applicant CreateApplicant(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
        //{
        //    throw new NotImplementedException();
        //}
    }
}